By Bill Pytlovany
New Layer of Microsoft Security?
Now that most of us have stopped whining about the User Account Control screen Microsoft is trying to build a better program trap. Their newest plan is to expand a tool called SmartScreen Filter. I’ve discovered both the good and bad with the plan.
Last month I investigated the need to have a code signing certificate for programs distributed by download. This added expense for developers can range from $100 to $500 depending on the company providing the security review and certificate.
My ultimate decision was to continue purchasing a certificate because it was respectful to folks upgrading to our new WinPatrol and set a good example to anyone new to downloading WinPatrol. I also discovered if an application isn’t signed it’s nearly impossible to download using Internet Explorer with its SmartScreen Filter enabled. While this is currently a feature of Internet Explorer expect to find SmartScreen Filter integrated into Windows 8.
Currently, when you try to download a new program which isn’t signed using Internet Explorer you’ll most likely see the following warning…
As I wrote about previously, even if you click “Actions”, Microsoft discourages you from downloading the file and essentially hides the sequence needed to continue your download.
When I released WinPatrol v25 signed with my brand new certificate I was in for a shock from “SmartScreen Filter”. While the message for my signed app was now yellow it still implied that WinPatrol was most likely a dangerous choice.
I received dozens of Emails from long time WinPatrol users most thinking that Microsoft was reporting a false positive. It turns out that SmartScreen Filter doesn’t 100% trust a code signing certificate. Based on recent events, they shouldn’t.
SmartScreen Filter is about trust and “Reputation” Article continued here
This post is excerpted with Bill’s permission from his blog